3rd Party Ships Software With Ransomware
How did I miss this one? I know I can’t keep up with everything. I was reading the attached article about how manufacturers are sloppy when it comes to cyber security risk, and this part of the article jumped out at me.
The Taiwan Semiconductor Manufacturing Company (TSMC) had a third-party vendor ship them some software. The vendor didn’t check the software for viruses, and then an engineer at TSMC didn’t scan the software prior to installing it and connecting it to TSMC’s systems. Guess what happened? The software was infected with the WannaCry ransomware. Huh? Can you repeat that again? TSMC was down for a couple of days and it didn’t appear to hurt the bottom line; however, how simple is it to scan before you sell or install software?
Supply chain cyber risk is something every company should be reviewing along with all other cyber risk, because if an attacker can’t get to you, it may be easier to get to the vendors that support you. If you take the time to evaluate your internal risk, extend that same program to external risk. Also, please scan all software prior to installation!